git.ipfire.org Git - thirdparty/snort3.git/log

Merge pull request #3097 in SNORT/snort3 from ~SVLASIUK/snort3:jit_integration to master

Squashed commit of the following:

commit bf4d7d74121f85dfc9cc576ac43943beca597941
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Mon Sep 27 19:08:05 2021 +0300

    http_inspect: implement JIT (just-in-time) for JavaScript normalization

    Remove 'experimental' from JavaScript normalization documentation
    Update js_normalization_depth=-1 as default value
    Remove previous JIC implementation for JavaScript normalizatio

Merge pull request #3105 in SNORT/snort3 from ~THOPETER/snort3:nhttp160 to master

Squashed commit of the following:

commit d2e095d8a54d8e358a6b0b8fb0c5f1f9c16afd31
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Oct 4 16:26:34 2021 -0400

http_inspect: hardening

Merge pull request #3108 in SNORT/snort3 from ~AMARNAYA/snort3:vba_trace_option to master

Squashed commit of the following:

commit 677a94f271b0e1673c0dd4d2100ab05abe0af2a6
Author: Amarnath Nayak <amarnaya@cisco.com>
Date: Tue Oct 12 15:03:06 2021 +0000

http_inspect, ips_option: decoupling the vba_data ips option from http_inspect and adding the trace debug option to vba_data

Merge pull request #3109 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_change_efp_api_name to master

Squashed commit of the following:

commit 688e16cf8b054340cea70ad844a2b59de72f1680
Author: cljudge <cljudge@cisco.com>
Date: Wed Oct 13 22:50:23 2021 -0400

appid: Update the name of the lua API function that adds process name to client app mappings.

Merge pull request #3113 in SNORT/snort3 from ~SBAIGAL/snort3:policy_clone_fix to master

Squashed commit of the following:

commit 4ef0ca4751a18219dcca764e81dcd3038d8b573a
Author: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Sat Oct 16 10:08:05 2021 -0400

policy: update policy clone code to avoid corrupting active configuration

Merge pull request #3112 in SNORT/snort3 from ~ALLEWI/snort3:doc_builtin_updates to master

Squashed commit of the following:

commit db9787bd712e4ab9f66e39fa6139dc48a2af3b4c
Author: alewis (allewi) <allewi@cisco.com>
Date: Fri Oct 15 11:12:11 2021 -0400

doc: builtin rule documentation updates

Merge pull request #3111 in SNORT/snort3 from ~SMINUT/snort3:smbfp_crash to master

Squashed commit of the following:

commit 01950a49d010b9a06472758de90e0390d7ec0ce2
Author: Silviu Minut <sminut@cisco.com>
Date: Fri Oct 15 11:55:31 2021 -0400

rna: call set_smb_fp_processor function in reload tuner

Merge pull request #3095 in SNORT/snort3 from ~OSERHIIE/snort3:js_built_ins to master

Squashed commit of the following:

commit d253c19d845340b83e7abac8085d07b38b5ebca4
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Wed Sep 29 17:00:12 2021 +0300

    http_inspect: do not normalize JavaScript built-in identifiers

        * utils: update JSTokenizer to track the scope
        * utils: update JSTokenizer to track JavaScript built-in identifiers
        * utils: update JSIdentifierCtx to check for JavaScript built-in identifiers
        * utils: add unit tests for scope and identifiers tracking
        * utils: add benchmarks for scope and identifiers tracking
        * http_inspect: add js_norm_max_scope_depth config option to limit maximum depth of scope nesting
        * http_inspect: add js_norm_built_in_ident config option as a list of JavaScript built-in identifiers
        * http_inspect: update 119:271 rule to alert on both template and scope depth limit reached
        * http_inspect: update 119:265 rule to alert on the scope mismatch
        * http_inspect: update dev_notes.txt with info about JavaScript built-in identifiers and scope tracking
        * lua: update snort_defaults.lua with a default list of JavaScript built-in identifiers
        * doc: update user/http_inspect.txt with info about JavaScript built-in identifiers and scope tracking
        * doc: update reference/builtin_stubs.txt with updates in 119:271 rule description

Merge pull request #3104 in SNORT/snort3 from ~MMATIRKO/snort3:doc_fix to master

Squashed commit of the following:

commit feeb3bf6c787582beee1fd671d65e7e069000e0f
Author: Michael Matirko <mmatirko@cisco.com>
Date: Tue Oct 12 11:51:10 2021 -0400

doc: add punctuation to builtin stubs, fix formatting

Merge pull request #3100 in SNORT/snort3 from ~SMINUT/snort3:hosts_lua to master

Squashed commit of the following:

commit 1a4a55d21c0f95ac0e128c5654490719acdfdef2
Author: Silviu Minut <sminut@cisco.com>
Date: Mon Oct 11 18:21:09 2021 -0400

rna: do not do service discovery for future flows

Merge pull request #3099 in SNORT/snort3 from ~MDAGON/snort3:try_fix to master

Squashed commit of the following:

commit 31bfb668b854b15698e54fe4b2ea3ec68388d484
Author: Maya Dagon <mdagon@cisco.com>
Date: Fri Oct 8 16:50:36 2021 -0400

http2_inspect: partial header with priority flag set

Merge pull request #3089 in SNORT/snort3 from ~DKYRYLOV/snort3:js_norm_asi to master

Squashed commit of the following:

commit feeedee58a22544fb4788a2646af52c65f1dc8cf
Author: dkyrylov <dkyrylov@cisco.com>
Date: Mon Sep 20 14:48:53 2021 +0300

http_inspect: add automatic semicolon insertion

Merge pull request #3022 in SNORT/snort3 from ~AMARNAYA/snort3:feature_vba_macrodata to master

Squashed commit of the following:

commit a6e4992d0bf97781fdefc90fe89571c4210f574c
Author: Steve Chew (stechew) <stechew@cisco.com>
Date: Mon Jul 19 21:49:09 2021 +0000

decompress, http_inspect: Add support for processing ole files and for vba_data ips option

Merge pull request #3092 in SNORT/snort3 from ~SHRARANG/snort3:appid_user_agent_conflict to master

Squashed commit of the following:

commit 20f74e289a32707dfe605235ed6fa72c2f0c6c0f
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Wed Oct 6 09:20:42 2021 -0400

appid: detect client based on longest matching user agent pattern

Merge pull request #3093 in SNORT/snort3 from ~ROOBS/snort3:code_coverage_7.2 to master

Squashed commit of the following:

commit a3f139f7cd01c754af79cf24015bdbff3439e114
Author: roopa <roobs@cisco.com>
Date: Thu Oct 7 02:31:00 2021 -0400

build: fix in CodeCoverage.cmake to generate *.gcda *.o files as needed by gcov

Merge pull request #3080 in SNORT/snort3 from ~THOPETER/snort3:nhi_alert_doc to master

Squashed commit of the following:

commit 8791eab62e93eea548e7edeb7640de03a5298385
Author: Tom Peters <thopeter@cisco.com>
Date: Tue Sep 28 17:34:14 2021 -0400

http_inspect: document built-in alerts

Merge pull request #3085 in SNORT/snort3 from ~SMINUT/snort3:tcp_opt_iter to master

Squashed commit of the following:

commit 218596bc8e12000e2757d7fd66f5feeeb3c7643e
Author: Silviu Minut <sminut@cisco.com>
Date: Fri Oct 1 15:24:07 2021 -0400

protocols: prevent infinite loop over tcp options

Merge pull request #3088 in SNORT/snort3 from ~BSACHDEV/snort3:stress_smb2 to master

Squashed commit of the following:

commit 4de99c141ba599b04b6bb43fbb6af18b63ae836a
Author: Bhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Date: Mon Oct 4 14:05:53 2021 +0000

dce_smb: Optimised handling pruning of flows in stress environment

Merge pull request #3094 in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.14.0 to master

Squashed commit of the following:

commit f1c4c6e1a28ce61f4a14570228bc6778a6734a45
Author: Mike Stepanek <mstepane@cisco.com>
Date: Thu Oct 7 06:41:30 2021 -0400

build: generate and tag 3.1.14.0

Merge pull request #3084 in SNORT/snort3 from ~SATHIRKA/snort3:rpc_assert_failure to master

Squashed commit of the following:

commit d4a4f383859d75e912fdd65f6d5faf2cd2ecd1b3
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Wed Sep 29 16:28:36 2021 -0400

appid: Enhance RPC service detector to handle RPC Bind version 3

Merge pull request #3091 in SNORT/snort3 from ~SHRARANG/snort3:appid_catch to master

Squashed commit of the following:

commit ec230de1016fe57e421ea2899ccdd2a874ddca65
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Wed Oct 6 07:18:46 2021 -0400

appid: fix update_allocations signature in unit test

Merge pull request #3082 in SNORT/snort3 from ~MMATIRKO/snort3:builtins-and-whitespace to master

Squashed commit of the following:

commit 9bcc9030b36dd2a4eaf3851e9a7a01249605e34b
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Mon Sep 27 17:44:09 2021 -0400

    doc: update builtin stub rule reference strings

commit 9ccee4fc53a5b93ed96fc38295e4eb87a7afafe1
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Mon Sep 27 17:39:41 2021 -0400

    style: remove leading and trailing whitespace

Merge pull request #3076 in SNORT/snort3 from ~BRASTULT/snort3:decompress_depth to master

Squashed commit of the following:

commit d056c241b14ced1f3357bd7c35f9ae2aea69ec85
Author: Brandon Stultz <brastult@cisco.com>
Date:   Mon Sep 20 18:02:37 2021 -0400

    lua: fix Talos tweak snaplen

commit 3f4aa706fea3ea693f3a9b008d5e548a169519c7
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri Sep 17 14:02:13 2021 -0400

    file_api: add decompress_buffer_size

Merge pull request #3077 in SNORT/snort3 from ~ROOBS/snort3:packet_tracer_config to master

Squashed commit of the following:

commit 0a1add665730f5f1f5fcfb35e76fc20d539d1bc7
Author: roopa <roobs@cisco.com>
Date: Thu Sep 23 08:47:46 2021 -0400

file: Added file policy id and other config data as part of packet tracer command under File phase.

Merge pull request #3087 in SNORT/snort3 from ~MDAGON/snort3:hardening to master

Squashed commit of the following:

commit 8dcfe0f20d08e185096f138a043ddf0b15b1468d
Author: Maya Dagon <mdagon@cisco.com>
Date: Fri Oct 1 15:09:58 2021 -0400

http2_inspect: compare scanned bytes to total received during reassemble

Merge pull request #3086 in SNORT/snort3 from ~VHORBATO/snort3:ident_test_clang_fix to master

Squashed commit of the following:

commit fb97da11d3f0587d11edf7b62570f1d3b049ac0d
Author: vhorbato <vhorbato@cisco.com>
Date: Mon Oct 4 13:29:26 2021 +0300

utils: fix compilation error of js_identifier_ctx_test for clang

Merge pull request #3081 in SNORT/snort3 from ~VHORBATO/snort3:rename_norm_ident to master

Squashed commit of the following:

commit 613865899894440d15e9cb49ba6a76b1cb790688
Author: Vitalii <vhorbato@cisco.com>
Date:   Mon Sep 27 09:49:16 2021 +0300

    http_inspect: change format of normalized JS identifiers

    utils: adjust output streambuffer expanding strategy and reserved memory

Merge pull request #3078 in SNORT/snort3 from ~MDAGON/snort3:abort to master

Squashed commit of the following:

commit 5feb849b9a5669339c082f9ab0197c7453163fb8
Author: Maya Dagon <mdagon@cisco.com>
Date: Fri Sep 24 13:59:54 2021 -0400

http2_inspect: protect against reassemble with more than MAX_OCTETS

Merge pull request #3046 in SNORT/snort3 from ~SMULKA/snort3:fw_si to master

Squashed commit of the following:

commit 643cfe8c00aef8724a2ef12c7f9c8de751fe366b
Author: smulka <smulka@cisco.com>
Date: Tue Aug 31 23:18:02 2021 -0400

appid: log appid daq trace first followed by subscriber modules

Merge pull request #3068 in SNORT/snort3 from ~ARMANDAV/snort3:rna_tls_fingerprinting to master

Squashed commit of the following:

commit 064f3c63f264e14a74acf46a89dbfa7fd8cc5da2
Author: armandav <armandav@cisco.com>
Date: Mon Sep 20 06:42:33 2021 -0400

rna: Support CPE new os RNA event

Merge pull request #3075 in SNORT/snort3 from ~OSHUMEIK/snort3:streambuf to master

Squashed commit of the following:

commit 27e4c24b75d3b134656501765fad26a35c125fac
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Sep 17 13:10:27 2021 +0300

    utils: add custom i/o stream buffers to JS normalizer

    The input stream buffer is a buffer over separated regions,
    which presents a continuous sequence to the caller.

    The output stream buffer is like std:stringstream.
    It has an ability to dynamically extend the buffer
    and to give away ownership over its memory to someone else.

    Some trace messages were removed
    (intermediate result are encapsulated in streambuf object now).

    Temporal buffer (for script detection mechanism) is prepended immediately
    to the output as soon as normalizer context created.

Merge pull request #3070 in SNORT/snort3 from ~DKYRYLOV/snort3:doc_js_alerts to master

Squashed commit of the following:

commit 672f4c70d2d70481d2a038a752dfdc5a8973db49
Author: dkyrylov <dkyrylov@cisco.com>
Date: Wed Sep 22 13:45:48 2021 +0300

doc: Add descriptions for 119:265-271 builtin alerts

Merge pull request #3066 in SNORT/snort3 from ~ABHPAL/snort3:efd to master

Squashed commit of the following:

commit a7546af7ffbfe398895275113b8647ebc1f8ca4d
Author: abhpal <abhpal@cisco.com>
Date:   Tue Sep 21 14:45:08 2021 +0530

    latency: adding configuration for implicit enable

commit 56dd75b7fc2ea8b87a58fbd7745ffbf35a977c04
Author: abhpal <abhpal@cisco.com>
Date:   Tue Sep 21 14:43:41 2021 +0530

    snort_config: adding api for enabling latency module

commit cd88ec50a401f9badd105ed22fe62739c44496de
Author: abhpal <abhpal@cisco.com>
Date:   Thu Sep 16 20:09:57 2021 +0530

    flow: add total flow latency to flowstats

Merge pull request #3074 in SNORT/snort3 from ~VHORBATO/snort3:script_data_renaming to master

Squashed commit of the following:

commit b0d5e3b51f77e38937e040229cd92487c76499ad
Author: Vitalii <vhorbato@cisco.com>
Date: Wed Sep 22 14:12:42 2021 +0300

ips_options: rename script_data buffer to js_data

Merge pull request #3042 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_mercury_process_clientapp_mapping to master

Squashed commit of the following:

commit e0711099931cf59733dbfe1a95c2e2b927df5acb
Author: cljudge <cljudge@cisco.com>
Date: Thu Jun 17 10:15:02 2021 -0400

appid: provide api for Lua detectors to map process name to client app

Merge pull request #3071 in SNORT/snort3 from ~STECHEW/snort3:build_3.1.13.0 to master

Squashed commit of the following:

commit 074c6b13a6ce3dc156013a217a934ef402e95b0a
Author: Steve Chew <stechew@cisco.com>
Date: Wed Sep 22 08:57:19 2021 -0400

build: generate and tag 3.1.13.0

Merge pull request #3065 in SNORT/snort3 from ~MDAGON/snort3:pruning2 to master

Squashed commit of the following:

commit 27e9bef80fed555db0a0736076704064a875c4e8
Author: Maya Dagon <mdagon@cisco.com>
Date: Tue Sep 14 15:50:23 2021 -0400

flow: don't do memcap pruning if pruning is in progress

Merge pull request #3062 in SNORT/snort3 from ~KAMURTHI/snort3:sun_rpc_continue to master

Squashed commit of the following:

commit 25faeb22b81be46802883270ade9806e2070a374
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date: Fri Sep 10 21:58:58 2021 -0400

appid: stay in success state after RPC is detected.

Merge pull request #3069 in SNORT/snort3 from ~MASHASAN/snort3:hc_unused to master

Squashed commit of the following:

commit d534f009caa0c3499c835bfd1b93f15b9f077697
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Sep 21 10:26:29 2021 -0400

host_tracker: Removing unused methods

Merge pull request #3063 in SNORT/snort3 from ~RUCOMBS/snort3:builtin_updates to master

Squashed commit of the following:

commit 508f5f6fbdfa23164de04e2bb8d3a1b1891fff5f
Author: russ <rucombs@cisco.com>
Date:   Thu Sep 16 10:45:23 2021 -0400

    doc: update reference for 2:1 and 129:13

commit b8faac492d0600066d96313ab7dc3d311f47c376
Author: russ <rucombs@cisco.com>
Date:   Thu Sep 16 09:58:56 2021 -0400

    doc: add support for details on builtin rules in the reference

commit bb770ef86631a810a1daf4881a6b076915d04486
Author: russ <rucombs@cisco.com>
Date:   Thu Sep 16 06:24:36 2021 -0400

    output: adopt the orphaned tag alert (2:1)

commit a513ffe9a47e639314c1e57745ad75f415e6abd1
Author: russ <rucombs@cisco.com>
Date:   Fri Sep 10 13:48:22 2021 -0400

    builtins: add --dump-builtin-options

    The unused, hard-coded rev and priority are removed from the dumped
    stubs. This new option provides a way to append arbitrary metadata to
    the stub. If used, it must precede --dump-builtin-rules.

commit 96524d4fe55040df783a5119a433bae176de6d46
Author: russ <rucombs@cisco.com>
Date:   Fri Sep 10 11:03:33 2021 -0400

    cip, iec104: update stub rule messages for consistent format

Merge pull request #3067 in SNORT/snort3 from ~DERAMADA/snort3:netflow_unique_templates to master

Squashed commit of the following:

commit d936e929feacc641f05d7da7965a460c75a55e58
Author: Deepak Ramadass <deramada@cisco.com>
Date:   Fri Sep 17 10:45:56 2021 -0400

    fix cppucheck

commit 2d612e6f89852f66e6ccdfba40c79105364f2b41
Author: Deepak Ramadass <deramada@cisco.com>
Date:   Fri Sep 17 10:02:41 2021 -0400

    netflow: use device ip and template id to ensure that the template cache keys are unique

Merge pull request #3061 in SNORT/snort3 from ~MASHASAN/snort3:rna_aep to master

Squashed commit of the following:

commit 5c077c59fdee7b25811399cb54227134cd1c61cd
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Sep 14 22:15:39 2021 -0400

    host_cache: Avoid data race in cache size access

commit eedfb883372e33ff63ffc18b88a4ddca7a6fdefe
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Sep 14 22:25:31 2021 -0400

    trough: Avoid data race in file count

commit f114c5c8711041adf50027f3f8982df1bf267126
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Sep 14 16:16:22 2021 -0400

    rna: Avoid data races in vlan and mac address

commit 845a8c2c203eea39fea03ef2a437ffbebf9f41c8
Author: Masud Hasan <mashasan@cisco.com>
Date:   Tue Sep 14 12:48:37 2021 -0400

    rna: Avoid infinite loop in ICMPv6 options

Merge pull request #3064 in SNORT/snort3 from ~SHRARANG/snort3:vdb_ci to master

Squashed commit of the following:

commit 5f9d8a09fb045bdff70841ce5aa6b4caeb8b80ab
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Wed Sep 1 21:43:33 2021 -0400

appid: prioritize appid's client detection over third-party

Merge pull request #3060 in SNORT/snort3 from ~KATHARVE/snort3:portablility to master

Squashed commit of the following:

commit 334e79aa67c4494c0f4c3814ca9eb1897b7cc7a1
Author: Katura Harvey <katharve@cisco.com>
Date: Wed Sep 15 12:42:01 2021 -0400

http_inspect: remove memrchr for portability

Merge pull request #3056 in SNORT/snort3 from ~VHORBATO/snort3:replace_doc_update to master

Squashed commit of the following:

commit 442c4df5290bb247cbca8082017a07aef5ca1f6b
Author: Vitalii <vhorbato@cisco.com>
Date: Mon Sep 13 11:41:16 2021 +0300

doc: update the documentation of "replace" option and "rewrite" action

Merge pull request #3058 in SNORT/snort3 from ~SVLASIUK/snort3:clang_tests_fix to master

Squashed commit of the following:

commit 5e0b2df7cce8a2dd802bf41fa7c3af47c7120e76
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date: Wed Sep 8 17:11:02 2021 +0300

utils: avoid using pubsetbuf which is STL implementation dependent

Merge pull request #3057 in SNORT/snort3 from ~SMINUT/snort3:tcp_session_timeout to master

Squashed commit of the following:

commit c4a246fa22f060d6201b8ec2427d864a1de7ab0c
Author: Silviu Minut <sminut@cisco.com>
Date: Mon Sep 13 13:10:26 2021 -0400

stream: change session_timeout default for tcp, ip, icmp and user

Merge pull request #3059 in SNORT/snort3 from ~OSERHIIE/snort3:fix_typo to master

Squashed commit of the following:

commit ccc93065764b03a0941dc590dcf4fbf8b8d1c777
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Wed Sep 15 13:07:35 2021 +0300

utils: fix typo in js_normalizer_test

Merge pull request #3053 in SNORT/snort3 from ~KATHARVE/snort3:file_new_api_http to master

Squashed commit of the following:

commit e3fa45d99222f475663ab5ed74f906179dedf8c2
Author: Katura Harvey <katharve@cisco.com>
Date:   Fri Sep 3 11:48:51 2021 -0400

    http_inspect: pass file_api the uri with the filename and extract the filename from the uri path

commit e2811f85a07a783cd88e55206d4bd5baf4817e08
Author: bsachdev <bsachdev@cisco.com>
Date:   Wed Sep 1 07:29:44 2021 -0400

    file_api: new api added for url

Signed-off-by: bsachdev <bsachdev@cisco.com>

Merge pull request #3051 in SNORT/snort3 from ~BSACHDEV/snort3:smb_crash to master

Squashed commit of the following:

commit 8ce04eac431afcc03615fd2e6cda04d6a88522d3
Author: bsachdev <bsachdev@cisco.com>
Date: Wed Sep 8 00:43:10 2021 -0400

smb: added a null check when current_flow is not present

Signed-off-by: bsachdev <bsachdev@cisco.com>

Merge pull request #3055 in SNORT/snort3 from ~BSACHDEV/snort3:old_commit to master

Squashed commit of the following:

commit e739ce037ad55f14198c92d5d2537bca5b3cdcfa
Author: bsachdev <bsachdev@cisco.com>
Date:   Thu Sep 9 11:14:37 2021 -0400

    Revert "Merge pull request #2916 in SNORT/snort3 from ~DIPANDIT/snort3:flow_from_file_context to master"

    This reverts commit 1c499b3816b3f1435d2b56f5ee0912bd0586cc68.

Merge pull request #3052 in SNORT/snort3 from ~RUCOMBS/snort3:snort2lua_version to master

Squashed commit of the following:

commit 1d21d526cceb9298793a9edc73a40c7d88077530
Author: Alessandro Pisani <alessandropisani19@gmail.com>
Date:   Wed Sep 8 00:32:15 2021 -0700

    snort2lua: Fixed version output (issue #213)

    Thanks to A-Pisani for the fix.

Merge pull request #3048 in SNORT/snort3 from ~OSERHIIE/snort3:doc_catch_benchmark to master

Squashed commit of the following:

commit ab7f95b9bd22a757db2d6649721b13c4815d92f7
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Tue Sep 7 22:01:32 2021 +0300

doc: update user tutorial with '--enable-benchmark-tests' option

Merge pull request #3045 in SNORT/snort3 from ~OSERHIIE/snort3:catch_benchmark to master

Squashed commit of the following:

commit fad1033e09ad17dd0d52c9f351770cc066e763b3
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Tue Sep 7 21:53:26 2021 +0300

    utils: add reference and description for ClamAV test cases

commit 4e4d7fe2d3f4e97128331b0319d97b3a3d72bef1
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Wed Sep 1 16:41:19 2021 +0300

    utils: add benchmark tests for JSNormalizer

commit 2a9ad15365ed73732ff0777886e1fbc239efbf72
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Aug 30 12:59:31 2021 +0300

    catch: enable benchmarking

Merge pull request #3047 in SNORT/snort3 from ~YVELYKOZ/snort3:time_t_fix_freebsd to master

Squashed commit of the following:

commit d53766499ed4ffd57a1a401ce3b65f55656fa1bb
Author: Vitalii <vhorbato@cisco.com>
Date: Tue Sep 7 18:00:45 2021 +0300

control: explicitly include ctime header in control.h

Merge pull request #3049 in SNORT/snort3 from ~THOPETER/snort3:nhttp159 to master

Squashed commit of the following:

commit c11ec4a9e5280dafeb1bb33ade3dcad61583fca4
Author: Tom Peters <thopeter@cisco.com>
Date: Fri Sep 3 14:32:01 2021 -0400

http_inspect: http_raw_trailer fast pattern

Merge pull request #3044 in SNORT/snort3 from ~RUCOMBS/snort3:shock_top to master

Squashed commit of the following:

commit 85b754bcf81f1444e34ade76f35a6c574e33ccb8
Author: russ <rucombs@cisco.com>
Date:   Fri Aug 27 17:13:10 2021 -0400

    stream: fix session timeout of expired flows

commit bbce60041761886c547ef3790a5a17ba29260d96
Author: russ <rucombs@cisco.com>
Date:   Thu Aug 26 18:24:46 2021 -0400

    detection: add fast patterns only once per service group

Merge pull request #3050 in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.12.0 to master

Squashed commit of the following:

commit 681fe9c6a11db766ac04a96e183d2e0b192946be
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Sep 8 06:43:19 2021 -0400

build: generate and tag 3.1.12.0

Merge pull request #3006 in SNORT/snort3 from ~MASHASAN/snort3:tcp_queue_limit to master

Squashed commit of the following:

commit 2f3254c69d4a43567561a58be055623abbcb229a
Author: russ <rucombs@cisco.com>
Date:   Mon Aug 16 12:53:36 2021 -0400

    stream_tcp: add pegs for maximum observed queue size

commit 6369d870a5914eee19deee4af0c927ea93ae09a8
Author: Masud Hasan <mashasan@cisco.com>
Date:   Wed Aug 18 11:09:00 2021 -0400

    stream_tcp: Set sequence number in trimmed packets up to the queue limit and increase defaults

commit 515a0150397fd289eb5fff9135fdfc306411a63d
Author: Masud Hasan <mashasan@cisco.com>
Date:   Mon Jul 26 01:00:38 2021 -0400

    stream_tcp: Normalize data when queue limits are enabled

commit 47c851ff0db0019bcd16a8f40fd9555fd9455fb9
Author: russ <rucombs@cisco.com>
Date:   Fri Jul 30 10:43:34 2021 -0400

    stream_tcp: only update window on right edge acks

Merge pull request #3039 in SNORT/snort3 from ~OSHUMEIK/snort3:js_trace to master

Squashed commit of the following:

commit e3a3e9bdb3fe9939334474775fc323bf38280fad
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Aug 20 18:07:16 2021 +0300

    http_inspect: enable traces for JS Normalizer

    This presents Trace framework to NHI.
    Dev/User documentation updated with config option description and
    trace verbosity levels.

Merge pull request #3040 in SNORT/snort3 from ~OSERHIIE/snort3:perf to master

Squashed commit of the following:

commit ce52f396cb63d4db814560cd2964813032c134c0
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Wed Aug 25 02:17:08 2021 +0300

    http_inspect: reduce void space in HttpFlowData

        In order to reduce LLC-load-misses and improve performance,
        the HttpFlowData fields were reordered to cut out the void space

Merge pull request #3037 in SNORT/snort3 from ~MDAGON/snort3:w_cookies to master

Squashed commit of the following:

commit 67af4c4f35b7c61a53ef9ac5e5653348420cd4ab
Author: Maya Dagon <mdagon@cisco.com>
Date: Mon Aug 23 09:53:15 2021 -0400

http_inspect: http_raw_header includes cookies

Merge pull request #3033 in SNORT/snort3 from ~RAMANKS/snort3:nat66 to master

Squashed commit of the following:

commit 83111633eb3dc9fae737690f3a26380e0e3c73d6
Author: Raman Krishnan <ramanks@cisco.com>
Date: Thu Aug 19 14:18:00 2021 -0700

decoder: icmp6: use source and destination addresses from packet to compute icmp6 checksum when NAT is in effect

Merge pull request #3041 in SNORT/snort3 from ~STECHEW/snort3:build_3.1.11.0 to master

Squashed commit of the following:

commit b6adb6b8f275d005823b0932758e45fd42424650
Author: Steve Chew <stechew@cisco.com>
Date: Thu Aug 26 11:34:45 2021 -0400

build: generate and tag 3.1.11.0

Merge pull request #3021 in SNORT/snort3 from ~RUCOMBS/snort3:action_map to master

Squashed commit of the following:

commit 98cbf75ac6c2c93835df7cee33a2914c4e88ee92
Author: russ <rucombs@cisco.com>
Date:   Wed Aug 25 17:27:50 2021 -0400

    framework: update base API version to 8

commit 63354f132bde27324718640042aed840650db512
Author: russ <rucombs@cisco.com>
Date:   Thu Aug 5 10:55:20 2021 -0400

    ips: add action_override which applies to all rules

commit 16f24b55aefc2fb995a2f0dd3e842f6645d14b48
Author: russ <rucombs@cisco.com>
Date:   Wed Aug 4 15:23:18 2021 -0400

    ips: add action_map table to map rule types, eg block -> alert

Merge pull request #3023 in SNORT/snort3 from ~RUCOMBS/snort3:pub_order to master

Squashed commit of the following:

commit e1f7f82009202b4dd5f3f2f8a72b82b95decc0e6
Author: russ <rucombs@cisco.com>
Date:   Wed Aug 25 16:29:47 2021 -0400

    framework: update base API version to 7

commit f465cfcbfeace58569b37b00b62db54daa766ca2
Author: russ <rucombs@cisco.com>
Date:   Fri Aug 6 11:40:46 2021 -0400

    policy: reorganize for sanity

commit 86df6f2bf31b78cc5251c42df5dbfaa6943b8cc7
Author: russ <rucombs@cisco.com>
Date:   Fri Aug 6 11:32:37 2021 -0400

    policy: put inspection policy accessors in public space

commit 56a76559b84bff6437f5e412f807ba27c8e3bf98
Author: russ <rucombs@cisco.com>
Date:   Sat Jul 31 09:51:31 2021 -0400

    data_bus: support ordered call of handlers

    Each handler can set a desired order which defaults to zero meaning
    last. One would be first, and so on. The sequence in which handlers with
    the same order are called is unspecified.

    binder sets order 100 for flow setup events to apply policy. (That makes
    it effectively first since by default everything else is zero / last.)
    plugins which want to predictably set policy on flow setup can run
    before or after binder by setting an appropriate order.

Merge pull request #2902 in SNORT/snort3 from ~RUCOMBS/snort3:cleanup to master

Squashed commit of the following:

commit 21d87e82a398504981aafc80de89f7c94ba2ea56
Author: russ <rucombs@cisco.com>
Date:   Wed Aug 11 16:23:14 2021 -0400

    build: update help for --enable-tsc-clock to include arm

    Thanks to liangxwa01 for reporting the issue.

commit 1bc12be15964930e688c8ee28593ba4687e6f21a
Author: russ <rucombs@cisco.com>
Date:   Sat Jun 5 20:10:49 2021 -0400

    style: remove C style (void) arglists

commit e03855cbd592afe0717d68cf96157379e61277bc
Author: russ <rucombs@cisco.com>
Date:   Sat May 29 05:43:05 2021 -0400

    sip: deprecate max_requestName_len in favor of max_request_name_len

commit ed31851fd733ef36f30042492bc692ae8a73943e
Author: Russ Combs <rucombs@cisco.com>
Date:   Fri May 21 11:51:00 2021 -0400

    dns, ssh: remove obsolete stream insert checks

commit 18b15b46f42fe83d3ba0bc5da332f951681e8d6d
Author: Russ Combs <rucombs@cisco.com>
Date:   Fri May 21 11:45:17 2021 -0400

    style: remove or update crufty preprocessor comments

commit 9dfff0600fac18652f3be6a5ee7025b79e04ce92
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed May 12 15:51:13 2021 -0400

    README: mention vars in default config

commit c6baa917361b3651e30d7ec63f37c696ef29512c
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed May 12 15:50:17 2021 -0400

    lua: update comments in the default config

commit ad0ae3d85affd820f4534704bca732e2129752ca
Author: Russ Combs <rucombs@cisco.com>
Date:   Wed May 12 15:24:27 2021 -0400

    style: remove crufty comments

Merge pull request #2998 in SNORT/snort3 from ~PRBHALER/snort3:sip to master

Squashed commit of the following:

commit 7a9104eaafb9a37030540bd69a354bd95b371520
Author: Pranav Bhalerao <prbhaler@cisco.com>
Date: Mon Jul 26 11:13:19 2021 -0400

flow: introduce bidirectional flag for expected session.

Merge pull request #3030 in SNORT/snort3 from ~RUCOMBS/snort3:frag_wiz to master

Squashed commit of the following:

commit 915930c0405ceaa40b6c6ca640160f9bbcc3b0f6
Author: russ <rucombs@cisco.com>
Date: Tue Aug 17 20:23:32 2021 -0400

inspection: process wizard matches on defragged packets

Merge pull request #3038 in SNORT/snort3 from ~KATHARVE/snort3:http_infractions to master

Squashed commit of the following:

commit bee622927d4fcf9379b28024d0320ad694ac28ef
Author: Katura Harvey <katharve@cisco.com>
Date: Tue Aug 24 15:00:32 2021 -0400

http_inspect: hard-code infraction enum numbers

Merge pull request #3026 in SNORT/snort3 from ~KATHARVE/snort3:perf_builtin to master

Squashed commit of the following:

commit e50bf65a7c4c0ad53abe230fec94e7f053afb9d9
Author: Katura Harvey <katharve@cisco.com>
Date: Fri Aug 13 12:18:53 2021 -0400

http_inspect: add builtin rule for consecutive commas in accept-encoding header

Merge pull request #3029 in SNORT/snort3 from ~KATHARVE/snort3:norm_config_fix to master

Squashed commit of the following:

commit 72bc20166071cdb6b4b19e97ad1f048793f61887
Author: Katura Harvey <katharve@cisco.com>
Date: Thu Aug 12 17:11:44 2021 -0400

normalize: remove tcp.trim config

Merge pull request #3027 in SNORT/snort3 from ~THOPETER/snort3:nhttp157 to master

Squashed commit of the following:

commit f9c2cf8e5f7832950c20c2aa049ce37c48b78240
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Jul 8 16:08:50 2021 -0400

http_inspect: two new built-in rules

Merge pull request #3036 in SNORT/snort3 from ~THOPETER/snort3:vers_back to master

Squashed commit of the following:

commit 758a003c2d8f5efd015058c89052ef270b02695c
Author: Tom Peters <thopeter@cisco.com>
Date: Mon Aug 23 13:28:06 2021 -0400

framework: version rollback

Merge pull request #3032 in SNORT/snort3 from ~THOPETER/snort3:nhttp158 to master

Squashed commit of the following:

commit dc970325178f3d16227e3c1f44f22a32ccb1fa70
Author: Tom Peters <thopeter@cisco.com>
Date: Thu Aug 19 17:23:25 2021 -0400

http_inspect: support more infractions and events

Merge pull request #3025 in SNORT/snort3 from ~VHORBATO/snort3:other_methods to master

Squashed commit of the following:

commit 4be7d2ba74641413c7f390345377942f09ed9c29
Author: Vitalii <vhorbato@cisco.com>
Date: Mon Aug 16 13:32:00 2021 +0300

wizard: support more HTTP and SIP methods

Merge pull request #3016 in SNORT/snort3 from ~OSHUMEIK/snort3:over_pdus to master

Squashed commit of the following:

commit 2c30e5ef0968f45b98b9618342f5311b32146c97
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Jul 26 14:59:35 2021 +0300

    utils: support streamed processing of JS text

    Unit tests added.

    Custom streambuf introduced, so Normalizer will see the next chunk
    as a continuation.

    The capacity of the tracking stack is set to 8, since Lexer has '.' pattern
    for identifiers, and a single character could form a complete token (in Lexer terms).

commit 96f844e272943906c4373790c69f4236a8799be7
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Aug 9 14:52:08 2021 +0300

    utils: address compiler warning

commit 9511296dd877a85da574b146ef43689713369d41
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Jul 26 14:34:35 2021 +0300

    http_inspect: check if Normalizer has consumed input

    The inspector logic expects that Normalizer must consume input bytes.
    If not the normalization is aborted, since there is no other consumer available.

Merge pull request #3031 in SNORT/snort3 from ~RDEMPSTE/snort3:rule_set to master

Squashed commit of the following:

commit 6b3ca22e8a2b259e07236b5c548452757144671b
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Wed Aug 18 19:38:24 2021 -0400

flow: set the client initiated flag before publishing the flow state setup event

Merge pull request #3012 in SNORT/snort3 from ~MDAGON/snort3:normalized2 to master

Squashed commit of the following:

commit 7ee4093ba647ab0af9d606c4b122f2ee43f289ca
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Aug 9 09:33:48 2021 -0400

    http_inspect: http_raw_header, http_raw_trailer field support

commit 201821de8e7c23ac00d5305a74e188242e37a04f
Author: Maya Dagon <mdagon@cisco.com>
Date:   Fri Aug 6 07:09:15 2021 -0400

    http_inspect: refactor NormalizedHeader

Merge pull request #3028 in SNORT/snort3 from ~VKAMBALA/snort3:pkt_thread to master

Squashed commit of the following:

commit a40f41d770a0cee1d574dfb383a53f622decfad7
Author: krishnakanth <vkambala@cisco.com>
Date: Tue Aug 17 04:08:06 2021 -0400

smb: Invoke SMB debug in destructor when packet thread available

Merge pull request #3024 in SNORT/snort3 from ~MDAGON/snort3:modbus to master

Squashed commit of the following:

commit 7acce7440173cad642c64684fabf9c713da42de4
Author: Maya Dagon <mdagon@cisco.com>
Date: Tue Aug 10 13:26:47 2021 -0400

modbus: check record length for write file record command

Merge pull request #3004 in SNORT/snort3 from ~DKYRYLOV/snort3:doc_js_norm_template_literals to master

Squashed commit of the following:

commit d27729bee803b4f869f80ba0ba725da06fe6282d
Author: dkyrylov <dkyrylov@cisco.com>
Date: Thu Jul 29 11:11:52 2021 +0300

doc: Add js_norm_max_template_nesting description

Merge pull request #2996 in SNORT/snort3 from ~DKYRYLOV/snort3:js_norm_template_literals to master

Squashed commit of the following:

commit 0272c1a9b1d0b449b197120df5283fef1a9d2ee0
Author: dkyrylov <dkyrylov@cisco.com>
Date: Wed Jul 21 15:44:37 2021 +0300

http_inspect: Add JavaScript template literals normalization

Merge pull request #3019 in SNORT/snort3 from ~KATHARVE/snort3:inject_fix to master

Squashed commit of the following:

commit 8ae8769a1c706cdc3806bfc19258fa9c57357ae6
Author: Katura Harvey <katharve@cisco.com>
Date:   Mon Aug 9 10:41:02 2021 -0400

    payload_injector: check if stream is established on flow rather than the packet flag to handle retries

commit 1c061264b0e81afb23ec85b055b546565a081c62
Author: Katura Harvey <katharve@cisco.com>
Date:   Mon Aug 9 10:37:45 2021 -0400

    stream_tcp: update API called by payload_injector to check for unflushed queued TCP segments

Merge pull request #3017 in SNORT/snort3 from ~RAMANKS/snort3:geneve to master

Squashed commit of the following:

commit 1bfa47cf887b1f72dd2a324f05a325520793600d
Author: Raman Krishnan <ramanks@cisco.com>
Date: Tue Aug 10 20:00:45 2021 -0700

codec: geneve: fix incorrect parsing of option header length

Merge pull request #3018 in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.10.0 to master

Squashed commit of the following:

commit 806d5a1481672022a70738ee17506341f1c09ceb
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Aug 11 07:48:19 2021 -0400

build: generate and tag 3.1.10.0

Merge pull request #2946 in SNORT/snort3 from ~BRASTULT/snort3:dns_splitter to master

Squashed commit of the following:

commit b40a755375381c084237a3113cc74a74857aabb3
Author: Brandon Stultz <brastult@cisco.com>
Date: Tue Jun 15 17:31:03 2021 -0400

dns: add DNS splitter

Merge pull request #3002 in SNORT/snort3 from ~DANMCGAR/snort3:ssh-bug-fixes to master

Squashed commit of the following:

commit fc1527ee54af92eea9444658cc3ff6a5df6e3fb2
Author: Daniel McGarvey <danmcgar@cisco.com>
Date:   Fri Aug 6 13:57:31 2021 -0400

    ssh: handle traffic with invalid version string

commit dca39e7620d22ea633db0851bc0c4fcc6a6fd8af
Author: Daniel McGarvey <danmcgar@cisco.com>
Date:   Fri Aug 6 13:49:26 2021 -0400

    ssh: handle version string packets that also contain key exchange data

Merge pull request #2993 in SNORT/snort3 from ~OSERHIIE/snort3:doc_js_identifier_norm to master

Squashed commit of the following:

commit d90e8b5dd8961a932f872b65a97d99c84b8f3443
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date: Thu Jul 22 15:24:21 2021 +0300

doc: update user for identifier normalization

Merge pull request #2992 in SNORT/snort3 from ~OSERHIIE/snort3:js_identifier_norm to master

Squashed commit of the following:

commit 6cbd5f096fd4531ec454edbbadc707919258e847
Author: Oleksandr Serhiienko <oserhiie@cisco.com>
Date:   Mon Jul 12 13:39:20 2021 +0300

    http_inspect: add JavaScript identifiers normalization

        * utils: add identifiers normalization to js_tokenizer and js_identifier_ctx as a context of identifiers normalization
        * utils: adjust js_normalizer_test unit tests
        * utils: add js_identifier_ctx_test unit tests
        * http_inspect: add js_norm_identifier_depth config option
        * http_inspect: add JS_IDENTIFIER_OVERFLOW built-in alert
        * http_inspect: add js_identifiers and js_identifier_overflows peg counts
        * http_inspect: update dev_notes.txt

Merge pull request #3010 in SNORT/snort3 from ~MASHASAN/snort3:skip_old_segment to master

Squashed commit of the following:

commit c5482358cf1437daeab531673b1f96cb96580ea3
Author: Masud Hasan <mashasan@cisco.com>
Date: Sat Jul 24 23:54:31 2021 -0400

stream_tcp: Skip unordered segments if last flushed position already moved past

Merge pull request #2986 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_smb_payload_apps_2 to master

Squashed commit of the following:

commit 15b0fda7076f8c35fb4a0ad95c048ed4f40a3889
Author: cljudge <cljudge@cisco.com>
Date: Mon Jul 19 04:41:17 2021 -0400

appid: update netbios-ss (SMB) detector to extract SMB domain from SMBv2, and more intelligently handle payload appid detection.

Merge pull request #3007 in SNORT/snort3 from ~CLJUDGE/snort3:snort3_change_req_body to master

Squashed commit of the following:

commit d2ff026b81050ec472acd1fdb29369a5e4fc23e0
Author: cljudge <cljudge@cisco.com>
Date: Thu Jul 29 10:31:26 2021 -0400

http_inspect: Change the default value of request_body_app_detection config parameter to true.

Merge pull request #3001 in SNORT/snort3 from ~SATHIRKA/snort3:sip_odp_reload to master

Squashed commit of the following:

commit 2b6790982998f014959301f7665f05dc388e6996
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Fri Jul 16 16:34:12 2021 -0400

appid: use packet thread odp context while creating SIP session

Merge pull request #3005 in SNORT/snort3 from ~SVLASIUK/snort3:wizard_options_move to master

Squashed commit of the following:

commit 4781785cec1ec20013758611cea6628db253d5c2
Author: russ <rucombs@cisco.com>
Date:   Thu May 6 09:54:51 2021 -0400

    wizard: add wizard max_pattern option and update HTTP/SIP aware methods patterns

commit a80b39187048cbab9bdcb70d59273aff773c7bff
Author: russ <rucombs@cisco.com>
Date:   Thu May 6 12:59:33 2021 -0400

    smtp: remove unused defines

commit 2bc14ed5ebee6aa818b60959432e0f22fb7651e3
Author: russ <rucombs@cisco.com>
Date:   Thu May 6 13:00:16 2021 -0400

    telnet: correct help for ayt_attack_thresh

commit c695c3092b7ef955e81de6090c6d6683e1946195
Author: russ <rucombs@cisco.com>
Date:   Thu May 6 13:00:57 2021 -0400

    ftp: remove unused defines and crufty comments

Merge pull request #3008 in SNORT/snort3 from ~VKAMBALA/snort3:ftracker to master

Squashed commit of the following:

commit 6e194f67c65ce7825345ab82ead4fe92861ecabe
Author: krishnakanth <vkambala@cisco.com>
Date: Fri Jul 30 12:08:04 2021 -0400

dce_smb: Restoring File tracker size post deletion

Merge pull request #2036 in SNORT/snort3 from ~SHRARANG/snort3:reorg_dynamic_libs to master

Squashed commit of the following:

commit 7880c187fb22613cf9d8e3910146b58a3cbbbc30
Author: Shravan Rangaraju <shrarang@cisco.com>
Date: Fri Feb 28 15:49:30 2020 -0500

build: install DAQ modules and Snort plugins in separate folders

Merge pull request #3003 in SNORT/snort3 from ~BSACHDEV/snort3:file_trace_infra to master

Squashed commit of the following:

commit a2d100df370abe5cbb31ae22d6221ba766d417e9
Author: bsachdev <bsachdev@cisco.com>
Date: Wed Jul 7 01:52:33 2021 -0400

file_api: Added infra and file debugs to existing debugging framework

Merge pull request #3000 in SNORT/snort3 from ~MSTEPANE/snort3:build_3.1.9.0 to master

Squashed commit of the following:

commit b68d4a2da45b3c27f5ceab8bec0d64d359a27a71
Author: Mike Stepanek <mstepane@cisco.com>
Date: Wed Jul 28 06:18:02 2021 -0400

build: generate and tag 3.1.9.0

Merge pull request #2999 in SNORT/snort3 from ~STECHEW/snort3:events_id2 to master

Squashed commit of the following:

commit a8e58353979b450e801b29d0e080dc64151db382
Author: Steve Chew <stechew@cisco.com>
Date: Fri Jun 25 16:38:13 2021 -0400

events: Use instance_id to make event_id unique across threads.